Description

Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Remediation

References

CVE-2013-4305

Related Vulnerabilities

WordPress Plugin WP Posts Carousel Cross-Site Scripting (1.3.6)

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37062)

XWiki Improper Access Control Vulnerability (CVE-2023-29513)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-4319)

Severity

Medium

Classification

CVE-2013-4305 CWE-707

Tags

Missing Update Known Vulnerabilities